CVE-2019-0307
LOWSAP Solution Manager 7.2 - Missing Encryption of Sensitive Data in Diagnostics Agent
Title source: llmDescription
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2772266
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Scores
CVSS v3
2.4
EPSS
0.0209
EPSS Percentile
79.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-311
Status
published
Products (1)
sap/solution_manager
7.2
Published
Jun 12, 2019
Tracked Since
Feb 18, 2026